The hottest thing in higher ed is MOOC. And one of the hottest MOOC platforms is Coursera.


There are a couple of challenges the MOOC movement is about to run into:

How do we know that the person submitting a test is the same person she claimed to be before? Identity proofing in a self-declared identity environment is not trivial. MOOCs are by definition open.

If we want to make money, we had better be able to give credits (or badges, or certificates, or a university degree, or something similar). Solutions include test submission with identity proofing.

Then comes the scary part: Coursera offers a Signature Track, where you as a student get identity verification, verified certificates and sharable course records. This is innovative and new. And the way they do it scares me because of the implications for the student and for other services online (a biometric unique typing pattern). There is a Signature Track Guidebook with more details.

If this is really workable, I am not sure I want to use any cloud service (like WordPress for this blog, or Gmail) where I type in text. Selling the unique typing patterns for their 2.8 million learners would, however, probably fund the company for the rest of its natural life. It also opens a whole new game of trust issues for any of us using online services. So far the typing part is only available on PC/Mac, and not on tablets.

The memo points out that the current security measures on the web are designed for static text-based one-site content, whereas the current web is real-time, multi-site and has moved from documents to mobile code. Some of the issues with passwords are pointed out, and three types of goals are presented:

Reduce the number of passwords used

Increase the safety and security of how passwords are used

Broaden the use of other credentials

Proposed guiding principles:

moving authentication down into the platform: Methinks not letting every single web developer reinvent the security wheel is a good thing

design for growth and multiple authentication mechanisms and credentials: the world changes,

Friday was a sad day, since my Twitter account @imelve was hacked. I opened a webpage, via a pointer in a message from a trusted source, and then things started going wrong. Within a few minutes, my account started to send malicious messages (see below).

And then my friends started to warn me. Luckily one of them warned me by text message, since Friday night is mostly family time and I am offline. Twitter does not run my life; it is but a small part of my online presence. And snuggling up to the kids takes precedence. But the message talked of danger, and I did not know what else was compromised on my PC/mobile/iPad. It was time to take back control of Twitter:

Change Twitter account password

Revoke application privileges (I had 25 apps with privileges registered, only one from the malicious site)

Start tidying up app passwords, since leaving this undone may lead to a blocked Twitter account due to a large number of failed logins

Delete messages with malicious content, wading through all streams I have sent.

Taking your life back is never easy. Twitter helped by giving a single page where I could revoke account privileges. Getting the apps to work again afterwards? Not fun. The app privileges were harder to deal with than they should have been, since:

I use Twitter on PC, mobile phone (Android) and iPad. They have all had multiple renovations and upgrades where apps and web sites get twisted around.

I did not remember which apps I actually use.

I did not remember how to change passwords in all the different user interfaces. (Thank you, Flipboard, for making this easy, including meaningful error messages. The rest of you apps know who you are.)

I am still not done with the apps, but my life is back on track. Sort of.

Professor Audun Jøsang has formulated some useful principles for security usability. I wish more people would reflect on these, and on what their practical implications are for the systems and web pages we offer our users today. And I really wish Facebook would read them.

The rough statistics for usability are:

35% of the people will understand, almost no matter what you write or do

40% will have cognitive challenges at some times

25% do have special challenges understanding

Given this, and the fact that most web sites aim at the population at large, we really need to rethink the mental load we place on our users.

Google+ is subject to a #nymwar discussion about the requirement to use Real Names. Google+ has shut down a large number of accounts, for example for IdentityWoman. The movement for the use of pseudonyms has launched My Name Is Me, where the arguments for pseudonyms are presented. Some arguments are:

the right not to be stalked or persecuted (whistle blowers, abuse survivors, people from small communities, sexual minorities)

In Norway we have a debate about how public online discussion forums may avoid hateful and cesspit discussion. There is a need for participants to be held accountable for their opinions, but in my opinion not necessarily to expose legal identities. The federations in higher education are currently handling Real Names, nicknames and pseudonymous/anonymous access:

Real Names are present in the identity management system, because the universities need these names to issue formal credentials (PhDs, MS etc) and bind the formal credentials to formal legally registered names.

Nicknames are present in the attribute definitions, but we are still in the process of sorting out what are the most practical ways of sharing this information. There is ongoing debate about consent and necessity for attribute sharing, and displayName is an attribute we need to think more about. Feide decided to require both legal name (Real Name = norEduLegalName) and preferred name (nick = displayName)

Federations provide anonymous but traceable access, based on technology for per-service unique identifiers.
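As an added example (not code from the original post, nor from Feide or any federation software), here is how an identity provider can derive per-service unique identifiers with a keyed hash and combine them with a per-service attribute release policy covering norEduLegalName and displayName. The secret, the user record, the SP entity IDs and the release policy are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed sample data (not from the original post): an IdP-side secret and
# one user who logs in to two different service providers (SPs).
IDP_SECRET = b"example-idp-secret-do-not-reuse"      # constructed placeholder
USER = {
    "uid": "ola.nordmann",                           # constructed sample user
    "norEduLegalName": "Ola Nordmann",               # legal name (Real Name)
    "displayName": "Ola",                            # preferred name (nick)
    "eduPersonAffiliation": "student",
}

# Release policy: which attributes each SP may receive (constructed example).
# The exam service needs the legal name; the LMS only needs the nickname.
RELEASE_POLICY = {
    "https://lms.example.edu/sp": ["displayName", "eduPersonAffiliation"],
    "https://exam.example.edu/sp": ["norEduLegalName", "eduPersonAffiliation"],
}

def targeted_id(uid: str, sp_entity_id: str, secret: bytes = IDP_SECRET) -> str:
    """Per-service pseudonymous identifier (the eduPersonTargetedID idea).

    A keyed hash over (user, SP) gives a value that is stable for one user
    at one SP, differs between SPs (no cross-site linking), and cannot be
    reversed to the uid without the IdP's secret.
    """
    mac = hmac.new(secret, f"{uid}!{sp_entity_id}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:20]).decode().rstrip("=")

def build_assertion(user: dict, sp_entity_id: str) -> dict:
    """What the IdP hands to one SP: a pseudonymous subject plus only the
    attributes the release policy allows for that SP (minimal exposure)."""
    allowed = RELEASE_POLICY.get(sp_entity_id, [])
    return {
        "subject": targeted_id(user["uid"], sp_entity_id),
        "attributes": {k: user[k] for k in allowed if k in user},
    }

def resolve_subject(subject: str, sp_entity_id: str, users: list) -> Optional[str]:
    """IdP-side tracing: map a subject seen at one SP back to the user it was
    issued for. This is the accountability hook; the SP itself cannot do it."""
    for u in users:
        if hmac.compare_digest(targeted_id(u["uid"], sp_entity_id), subject):
            return u["uid"]
    return None
```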

We need to find a balance online, as we have for other aspects of public space where we do not need to post information about identities for each person, but in many cases require that identity is traceable. Minimal exposure of information is good, but defining minimal is difficult.

David Bantz posted an interesting email, "Please, somebody talk me down!", on the Shibboleth users list, pointing to four issues that crop up over and over again with SSO in higher education:

Even if a vendor claims to support SAML, they are unable to consume attributes. And the provisioning of attributes includes sensitive, restricted and open information.

Proprietary extensions are used for too many of our solutions

Credential relays, operated by a non-trusted third party (or the SP). Preferably combined with non-maintenance of the SP software?

Why not just use AD? Believing that using AD will automagically integrate all services.

The scary summary is that we as a community are not providing enough direction when it comes to SSO solutions.

For some of these issues (why AD does not solve all problems, credential relays) we need to explain the issues in a language that may be understood, or even better, put into calls for tender. For other issues there are unsolved technical problems, like the integration of web-SSO and non-web-SSO. The concept of real-time attributes, so beloved of higher education federation, is poorly understood by most vendors. Then again, they are not used to operating in a world where user account lifetime is planned per semester.

I am hoping that REFEDS may be a place to work on some of the issues pointed out, but the bulk of the work will have to be done by each individual university as they call for tender and discuss with their application suppliers and partners.

The Filter Bubble by Eli Pariser shows some of the implications of personalization, especially for public discussion and our community's political discourse. Google is one example, where the search results differ based on geography, previous searches and many, many other factors.

When we first started work on federated identity and attributes, we thought the primary use for attributes would be authorization: granting or refusing access. We were wrong. In the first two years of handing out attributes, we discovered that personalization is the primary reason for requesting information about a person. Attributes are used for personalization, and controlling attributes is under-estimated. We need to work more on attributes and how to share enough information without revealing too much. Cross-site scripting is a security threat, cross-site personalization is a risk to our integrity. Personalization is available on most modern web sites.

The Filter Bubble points out some of the dangers for our society as the news streams get fragmented and we slide into ghettos where there is no shared reality anymore. Shared reality is important for democracy, as we need to sort out where our choices are, during a public discussion.

My sister is a public servant, working for the Norwegian government. Someone set off a bomb just outside her office less than a week ago, because he hated the current political regime, killing 8 people. He then went on to the Labor Youth summer camp, killing 68 (current number, there are several missing persons), where he was arrested. All the evidence reported by the media points to a person who has been living in a filter bubble with a strong reinforcing feedback hatred for Muslims, as explained in the Guardian by Thomas Hylland Eriksen. The terrorist has been using anonymous discussion forums online to confirm his ideas and get ideological backing. Conspiracy theories flourish in such environments.

The Filter Bubble on our Internet gets really scary when we encounter:

There is no transparency, we do not know how reality was altered to fit us

The invisible ghetto I live in has walls, and I believe they are the end of the world

We have no interest in our community, and cross-partisan discussion fails to deal with large (and small) political issues

Personality tests used for job interviews get replaced by an interpretation of the bubble the job applicant lives in (there is probably an app for doing this, at least in the US, where such information is for sale). Knowing about your bubble gets more important than knowing you.

Critical thinking is made more difficult by incongruent information, since search results and news flows differ significantly.